------------------------------------------------------------------- Wed Dec 13 20:28:23 UTC 2023 - Martin Hauke - Update to version 1.7.1 Security * Fix CVE-2023-50246 (boo#1218034) + Fix heap buffer overflow in jvp_literal_number_literal. * Fix CVE-2023-50268 (boo#1218038) fix stack-buffer-overflow if comparing nan with payload. CLI changes * Make the default background color more suitable for bright backgrounds. * Allow passing the inline jq script after --. * Fix possible uninitialised value dereference if jq_init() fails Language changes * Simplify paths/0 and paths/1. * Reject U+001F in string literals. * Remove unused nref accumulator in block_bind_library. * Remove a bunch of unused variables, and useless assignments. * main.c: Remove unused EXIT_STATUS_EXACT option. * Actually use the number correctly casted from double to int as index. * src/builtin.c: remove unnecessary jv_copy-s in type_error/type_error2. * Remove undefined behavior caught by LLVM 10 UBSAN. * Convert decnum to binary64 (double) instead of decimal64. This makes jq behave like the JSON specification suggests and more similar to other languages. * Fix memory leaks on invalid input for ltrimstr/1 and rtrimstr/1. * Fix memory leak on failed get for setpath/2. * Fix nan from json parsing also for nans with payload that start with 'n'. * Allow carriage return characters in comments. Documentation changes * Generate links in the man page. libjq * Add extern C for C++. ------------------------------------------------------------------- Wed Nov 15 10:26:07 UTC 2023 - Dirk Müller - build with valgrind only on 64 bit architectures ------------------------------------------------------------------- Wed Sep 27 04:32:39 UTC 2023 - Andreas Stieger - switch to bootstrapped upstream tarball to fix version output [boo#1215737] ------------------------------------------------------------------- Thu Sep 7 13:42:19 UTC 2023 - Martin Hauke - Update to version 1.7 * Make object key color configurable using JQ_COLORS environment variable. * Change the default color of null to Bright Black. * Respect NO_COLOR environment variable to disable color output. * Improved --help output. Now mentions all options and nicer order. * Fix multiple issues of exit code using --exit-code/-e option. * Add --raw-output0 for NUL (zero byte) separated output. * Fix assert crash and validate JSON for --jsonarg. * Remove deprecated --argfile option. Language changes * Use decimal number literals to preserve precision. Comparison operations respects precision but arithmetic operations might truncate. * Adds new builtin pick(stream) to emit a projection of the input object or array. * Adds new builtin debug(msgs) that works like debug but applies a filter on the input before writing to stderr. * Adds new builtin scan($re; $flags). Was documented but not implemented. * Adds new builtin abs to get absolute value. This potentially allows the literal value of numbers to be preserved as length and fabs convert to float. * Allow if without else-branch. When skipped the else-branch will be . (identity). * Allow use of $binding as key in object literals. * Allow dot between chained indexes when using .["index"] * Allow dot for chained value iterator .[], .[]? * Fix try/catch catches more than it should. * Speed up and refactor some builtins, also remove scalars_or_empty/0. * Now halt and halt_error exit immediately instead of continuing to the next input. * Fix issue converting string to number after previous convert error. * Fix issue representing large numbers on some platforms causing invalid JSON output. * Fix deletion using assigning empty against arrays. * Allow keywords to be used as binding name in more places. * Allow using nan as NaN in JSON. * Expose a module's function names in modulemeta. * Fix contains/1 to handle strings with NUL. * Fix stderr/0 to output raw text without any decoration. * Fix nth/2 to emit empty on index out of range. * Fix implode to not assert and instead replace invalid unicode codepoints. * Fix indices/1 and rindex/1 in case of overlapping matches in strings. * Fix sub/3 to resolve issues involving global search-and-replace (gsub) operations. * Fix empty regular expression matches. * Fix overflow exception of the modulo operator. * Fix string multiplication by 0 (and less than 1) to emit empty string. * Fix segfault when using libjq and threads. * Fix constant folding of division and reminder with zero divisor. * Fix error/0, error/1 to throw null error. * Simpler and faster transpose. * Simple and efficient implementation of walk/1. * Remove deprecated filters leaf_paths, recurse_down. - Adjust URL/Source - new upstream https://github.com/stedolan/jq -> https://github.com/jqlang ------------------------------------------------------------------- Fri Sep 23 16:16:46 UTC 2022 - Dirk Müller - build without valgrind on riscv64 - does not exist (yet) ------------------------------------------------------------------- Thu Jul 4 17:27:13 UTC 2019 - myen@suse.com - Make jq depend on libjq1, so upgrading jq upgrades both See: https://github.com/stedolan/jq/issues/1904 ------------------------------------------------------------------- Fri Nov 2 12:35:25 UTC 2018 - Avindra Goolcharan - Update to version 1.6 * Destructuring Alternation * many new builtins (see docs) * Add support for ASAN and UBSAN * Make it easier to use jq with shebangs * Add $ENV builtin variable to access environment * Add JQ_COLORS env var for configuring the output colors * change: Calling jq without a program argument now always assumes "." for the program, regardless of stdin/stdout * fix: Make sorting stable regardless of qsort. - cleanup with spec-cleaner - drop CVE-2015-8863.patch (upstreamed in 8eb1367ca44e772963e704a700ef72ae2e12babd) - drop CVE-2016-4074.patch (upstreamed in fd4ae8304e23007672af9a37855c7a76de7c78cf) ------------------------------------------------------------------- Fri Feb 3 09:26:17 UTC 2017 - idonmez@suse.com - Add CVE-2016-4074.patch to prevent a stack exhaustion CVE-2016-4074 bsc#1014176 ------------------------------------------------------------------- Mon Jan 2 08:47:00 UTC 2017 - mpluskal@suse.com - Update tests dependencies to increase test coverage (bsc#1017157) * valgrind based tests were skipped - Do not run tests in qemu builds, valgrind does not work reliably in such conditions ------------------------------------------------------------------- Sat Jul 16 10:14:33 UTC 2016 - mpluskal@suse.com - Make building more verbose - Run tests ------------------------------------------------------------------- Mon Apr 25 11:48:27 UTC 2016 - idonmez@suse.com - Add CVE-2015-8863.patch to fix a heap overflow bsc#976992 ------------------------------------------------------------------- Tue Aug 18 09:12:21 UTC 2015 - idonmez@suse.com - Update to version 1.5 * Regexp support * A proper module system * Destructuring syntax * Math functions * An online streaming parser * Minimal I/O builtins (inputs, debug) * try/catch for catching and handling errors * Tail call optimization * Datetime functions * Performance enhancements - Add oniguruma-devel BuildRequires for regexp support ------------------------------------------------------------------- Fri Jun 27 09:55:52 UTC 2014 - idonmez@suse.com - Don't package static libs - Fix rpath on the main binary ------------------------------------------------------------------- Sun Jun 15 20:52:42 UTC 2014 - prusnak@opensuse.org - Updated to 1.4 + New command line arguments * jq --arg-file variable file * jq --unbuffered * jq -e / --exit-status (set exit status based on outputs) * jq -S / --sort-keys (now jq no longer sorts object keys by default + Syntax changes * .. -> like // in XPath (recursive traversal) * question mark (e.g., .a?) to suppress errors * ."foo" syntax (equivalent to .["foo"]) * better error handling for .foo * added % operator (modulo) * allow negation without requiring extra parenthesis * more function arguments (up to six) + New filters * any, all * iterables, arrays, objects, scalars, nulls, booleans, numbers, strings, values + New string built-ins * split * join (join an array of strings with a given separator string) * ltrimstr, rtrimstr * startswith, endswith * explode, implode * fromjson, tojson * index, rindex, indices + New math functions * floor, sqrt, cbrt, etc. + Addition of libjq, a C API interface to jq's JSON representation and for running jq programs from C applications. ------------------------------------------------------------------- Thu Oct 17 15:55:03 UTC 2013 - cdenicolo@suse.com - license update: MIT and CC-BY-3.0 documentation is licensed under CC-BY-3.0 ------------------------------------------------------------------- Tue Oct 1 15:09:01 UTC 2013 - robert.munteanu@gmail.com - Initial packaging of version 1.3